CVE-2013-0500

Published Oct 17, 2013

Last updated 7 years ago

Overview

Description: IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not properly handle device files that are created with the NFS protocol but accessed with a non-NFS protocol, which allows remote authenticated users to obtain sensitive information, modify programs or files, or cause a denial of service (device crash) via a (1) CIFS, (2) HTTPS, (3) SCP, or (4) SFTP operation.
Source: psirt@us.ibm.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.4
Impact score: 6.4
Exploitability score: 5.5
Vector string: AV:N/AC:M/Au:M/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-20

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:storwize_v7000_unified_software:1.3.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2890B04-AB96-4B1F-90B0-3F365FD6EF0D"
          },
          {
            "criteria": "cpe:2.3:a:ibm:storwize_v7000_unified_software:1.3.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE9CC5C3-AE3E-4A24-B35B-3CD35D6D4414"
          },
          {
            "criteria": "cpe:2.3:a:ibm:storwize_v7000_unified_software:1.3.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BAEA5EAD-5341-429C-9DD4-DEB311485D68"
          },
          {
            "criteria": "cpe:2.3:a:ibm:storwize_v7000_unified_software:1.4.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F9B4C74-9135-4775-AC09-D79BEFF2BD3E"
          },
          {
            "criteria": "cpe:2.3:a:ibm:storwize_v7000_unified_software:1.4.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1420861-4678-4282-BFD7-5933C48269F6"
          },
          {
            "criteria": "cpe:2.3:a:ibm:storwize_v7000_unified_software:1.4.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02299B18-7BD4-4F39-A5FA-6FFE92F9A12D"
          },
          {
            "criteria": "cpe:2.3:a:ibm:storwize_v7000_unified_software:1.4.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C1FF672-811A-43AF-B7C8-61FF78952B7F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ibm:storwize_v7000_unified:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37CA8291-F842-4786-9F4D-9EA60DAFE6CE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References